Bug 2042576 (CVE-2021-43045)

Summary: CVE-2021-43045 apache-avro: allows attackers to allocate excessive resources potentially causing a DoS
Product: [Other] Security Response
Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
CC: aileenc, aos-bugs, asoldano, bbaranow, bmaxwell, bmontgom, boliveir, brian.stansberry, caswilli, cdewolf, chazlett, darran.lofthouse, dkreling, dosoudil, eleandro, eparis, eric.wittmann, fjuma, gmalinko, iweiss, janstey, jburrell, jochrist, jokerman, jolee, jpallich, jperkins, jschatte, jwon, kaycoth, kwills, lgao, loleary, msochure, msvehla, nstielau, nwallace, pantinor, pdelbell, pdrozd, pjindal, pmackay, rguimara, rstancel, rsvoboda, smaestri, spinder, sponnaga, sthorger, theute, tom.jenkinson, yborgess
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Bug Blocks: 2042577    

Description Guilherme de Almeida Suckevicz 2022-01-19 18:10:37 UTC
A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue.

References:
https://lists.apache.org/thread/5fttw9vk6gd2p3b846nox7hcj5469xfd
http://www.openwall.com/lists/oss-security/2022/01/06/8

Comment 1 juneau 2022-01-21 15:52:49 UTC
Removed services-service-registry from affects; affected version not found in manifest(s).